Modern data transmission systems are subject to increasingly sophisticated attacks, such as data injection attacks. The principle of such an attack is the following. A genuine data packet is sent, but with a checksum parameter that has been altered to a wrong value, so that the data packet is held valid by the protection scheme but is nevertheless discarded on the receiver side. Then a second packet is sent, which has the same packet number, i.e., the same sequence number from the viewpoint of the TCP protocol, but a corrupted payload. This second packet may thus circumvent the protection schemes provided at the egress of the network.
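As an added illustration that is not part of the original text, the following Python model shows why an in-line analyser must verify the TCP checksum itself: a naive reassembler that accepts the bad-checksum segment and then treats the second segment as an identical retransmission inspects the genuine payload while the receiver gets the altered one, whereas a reassembler that mirrors the receiver sees the altered payload and, going one step beyond the text, also flags retransmissions whose bytes differ from data already accepted. The checksum is simplified to cover only the sequence number and payload (an assumption); `Segment`, `reassemble` and the sample bytes are constructed for this example.

```python
import struct
from dataclasses import dataclass


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (odd length zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class Segment:
    seq: int
    payload: bytes
    checksum: int

    @classmethod
    def build(cls, seq: int, payload: bytes, corrupt: bool = False) -> "Segment":
        # Assumption: checksum covers seq + payload only (real TCP also covers the
        # pseudo-header, ports, flags and options).
        csum = internet_checksum(struct.pack("!I", seq) + payload)
        if corrupt:
            csum ^= 0x0001  # constructed: one flipped bit, so the receiver discards it
        return cls(seq, payload, csum)

    def checksum_ok(self) -> bool:
        return internet_checksum(struct.pack("!I", self.seq) + self.payload) == self.checksum


def reassemble(segments, hardened: bool):
    """Return (stream the analyser believes was delivered, alerts). hardened=False accepts
    every segment and treats re-seen bytes as identical retransmissions; hardened=True
    drops bad checksums like the receiver and alerts when a retransmission differs."""
    accepted, alerts = {}, []
    for seg in segments:
        if hardened and not seg.checksum_ok():
            alerts.append(f"bad-checksum seq={seg.seq}")
            continue
        for off, byte in enumerate(seg.payload):
            pos = seg.seq + off
            if pos in accepted:
                if hardened and accepted[pos] != byte:
                    alerts.append(f"inconsistent-retransmission seq={pos}")
                continue
            accepted[pos] = byte
    return bytes(accepted[p] for p in sorted(accepted)), alerts


# Constructed exchange from the text: a genuine segment with a broken checksum, then
# a segment with the same sequence number but an altered payload.
GENUINE, ALTERED = b"hello world!", b"HELLO WORLD!"
INJECTION = [Segment.build(1000, GENUINE, corrupt=True), Segment.build(1000, ALTERED)]
```

With `hardened=False` the analyser ends up with `GENUINE` and no alert although the receiver delivers `ALTERED`; with `hardened=True` it drops the first segment, raises a bad-checksum alert and reassembles exactly what the receiver sees.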
Many efforts have been made to prevent, or at least limit, the damage caused by an adversary, which have led to answers such as those known as IDS (“Intrusion Detection Systems”) or IPS (“Intrusion Prevention Systems”). Intrusion Detection Systems are purely passive, in the sense that they can only alert the receiver to the presence of malicious activity, whereas Intrusion Prevention Systems operate in-line (i.e., cut-through), that is to say they analyse network traffic mid-stream.
From the article “Robust TCP Stream Reassembly In the Presence of Adversaries”, by Sarang Dharmapurikar and Vern Paxson, Proceedings of the 14th USENIX Security Symposium, August 2005, pp. 65-80, there is known a hardware-based, high-speed TCP reassembly mechanism that is robust against the attacks it is designed to withstand. This mechanism is intended to serve as a module for constructing a variety of network analysis systems, especially Intrusion Prevention Systems.